root mode: heresia? ... and more largely security

Non release banter
francois
Contributor
Posts: 6434
Joined: 28 Dec 2010, 14:25
Distribution: xfce plank porteus nemesis
Location: Le printemps, le printemps, le printemps... ... l'hiver s'essoufle.

Re: root mode: heresia? ... and more largely security

Post#46 by francois » 30 Jan 2016, 14:44

Mark, can you explain in simple terms but also concretely how a hacker could get around someone who always works in root mode?

Thanks.
Prendre son temps, profiter de celui qui passe.

Bogomips
Full of knowledge
Posts: 2564
Joined: 25 Jun 2014, 15:21
Distribution: 3.2.2 Cinnamon & KDE5
Location: London

Re: root mode: heresia? ... and more largely security

Post#47 by Bogomips » 30 Jan 2016, 15:17

Going on three years now since I gave up on Wi-Fi following heavy neighbourhood interference. Now I just use the domestic electrical circuit. It also has password protection. 8)
Linux porteus 4.4.0-porteus #3 SMP PREEMPT Sat Jan 23 07:01:55 UTC 2016 i686 AMD Sempron(tm) 140 Processor AuthenticAMD GNU/Linux
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB

francois
Contributor
Posts: 6434
Joined: 28 Dec 2010, 14:25
Distribution: xfce plank porteus nemesis
Location: Le printemps, le printemps, le printemps... ... l'hiver s'essoufle.

Re: root mode: heresia? ... and more largely security

Post#48 by francois » 30 Jan 2016, 17:22

So your advice would be to use a strong root password, a password-secured modem of the TP-Link or Asus type as mentioned, on which you could install the secure modem software mentioned above, with some Ethernet ports and without Wi-Fi. Thus the only risk would be the net access, which could be limited to brief exposure as needed. 8)
Prendre son temps, profiter de celui qui passe.

markds
Legendary
Posts: 43
Joined: 28 Dec 2012, 02:58
Distribution: Slackware
Location: Singapore

Re: root mode: heresia? ... and more largely security

Post#49 by markds » 30 Jan 2016, 20:10

francois wrote:Mark, can you explain in simple terms but also concretely how a hacker could get around someone who always works in root mode?

Thanks.
I wouldn't be able to. As I said previously, the chances of being hacked as root or as a guest account are the same. It's not who you log in as. It's your network and machine. If your network is "secured" (at least as much as it can be) then the hacker can't reach your machine. If he does reach your machine then it's a matter of whether your services are patched enough to keep the hacker out. Do your patches and updates, that's key - it diminishes the attack vectors a hacker can use. If your machine is not patched or updated and exploits in your services are open, then it won't matter who you log in as.

In the first few comments of this thread, someone mentioned that if you work as root and a hacker hacks your application they will have root. This is false unless you are running a service as root and the application is vulnerable. This has nothing to do with you being root and logging on or being a guest. A service is what starts up and runs when the machine is switched on and, because of the nature of the service, may need to run as a privileged user (e.g. root). In the old days Apache was like that - it ran as root and was easily broken by buffer overflows and the like, giving the attacker root privileges. Or XSS vulnerabilities using specially crafted commands in MySQL web interfaces that can execute commands as root because the MySQL service is running as root. But none of these have anything to do with who you log in as. Whether it's root you work as or a guest user, it's irrelevant. All these services are already running before you even log on. It's just a matter of how well these services have been written and secured while they run.

As I keep reiterating, who you log in as is just a preference of the user. If you don't feel like using root especially on a single user machine, then it's nothing to do with security, just fear of screwing something up. But whatever it is, it is just the user's preference.

Secure your network using a good router running firmware you can trust. Enable IDS and firewall on the router. Use your end machines with an ARP tool like arpwatch, XArp or WinARP to do simple detection of whether a MITM attack is happening, limit wireless usage and stick to a wire unless it is absolutely necessary to go wireless. Patch your OS and apps and, for goodness' sake, don't answer strange emails or click links sent blindly.

Cheers mate.
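The post above recommends an ARP watcher such as arpwatch to spot a man-in-the-middle on the LAN. The script below is an added example, not code from this thread or from any of the tools named in it; it shows the core check those tools make: take two snapshots of the kernel neighbour table (the line format of `ip -4 neigh show` is assumed), and raise an alert when an IP's MAC address changes or when two IPs resolve to the same MAC, which is what a spoofed gateway entry looks like from the victim's side. The two snapshots, the interface name and the addresses are constructed for the example.

```python
"""Added example: arpwatch-style change detection over `ip neigh` snapshots."""
import re
from dataclasses import dataclass

# Constructed baseline snapshot in the line format of `ip -4 neigh show`.
BASELINE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
192.168.1.30 dev eth0 lladdr 00:11:22:33:44:30 REACHABLE
"""

# Constructed later snapshot: the gateway (192.168.1.1) now maps to the MAC that
# 192.168.1.30 already had, and one neighbour failed to resolve at all.
LATER_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:30 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:20 REACHABLE
192.168.1.30 dev eth0 lladdr 00:11:22:33:44:30 REACHABLE
192.168.1.40 dev eth0 FAILED
"""

# "<ip> dev <iface> lladdr <mac> ..."; lines without lladdr (FAILED/INCOMPLETE) do not match.
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17})", re.IGNORECASE)


def parse_neigh(text: str) -> dict:
    """Return {ip: mac} for every resolved entry in an `ip neigh` snapshot."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table


@dataclass(frozen=True)
class Alert:
    kind: str    # "new_station", "changed_mac" or "shared_mac"
    ip: str      # the IP (or comma-joined IPs for shared_mac) involved
    detail: str  # the MAC(s) involved


def detect_changes(baseline: dict, current: dict) -> list:
    """Compare two {ip: mac} tables and return the anomalies arpwatch would report."""
    alerts = []
    for ip, mac in current.items():
        old = baseline.get(ip)
        if old is None:
            alerts.append(Alert("new_station", ip, mac))
        elif old != mac:
            alerts.append(Alert("changed_mac", ip, f"{old} -> {mac}"))
    # One MAC answering for several IPs is the classic ARP spoofing signature.
    by_mac = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(Alert("shared_mac", ",".join(sorted(ips)), mac))
    return alerts


def run_demo() -> list:
    """Run the comparison over the constructed snapshots."""
    return detect_changes(parse_neigh(BASELINE_NEIGH), parse_neigh(LATER_NEIGH))


if __name__ == "__main__":
    for alert in run_demo():
        print(f"{alert.kind:12} {alert.ip:28} {alert.detail}")
```

To run it against a live box, replace the two constructed strings with the output of `ip -4 neigh show` taken at different times; the comparison logic is unchanged. A single changed_mac alert can be a legitimate hardware swap or DHCP reassignment, so the shared_mac condition (the gateway's IP suddenly answering from a MAC another host already owns) is the one worth treating as a probable MITM.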

markds
Legendary
Posts: 43
Joined: 28 Dec 2012, 02:58
Distribution: Slackware
Location: Singapore

Re: root mode: heresia? ... and more largely security

Post#50 by markds » 31 Jan 2016, 04:18

phhpro wrote:
markds wrote:the chances of being hacked as root or a guest account are the same. It's not who you use to login as
The chances are indeed, with the tiny difference that being hacked while logged in as root is a dream come true for every wanna-be hack-a-poo. That's just about as bad as it can be. Not only are you exposing the current box, but also granting access to everything else connected either hard or soft, read: the entire LAN / WAN / etc. is on the dish. Are you sure you're in the proper business? Mind me, certainly no offense, but that statement is totally off the wall.
No, it just shows you don't understand the concept of being logged on and services and hacking in general. I'm beginning to wonder if you understand basic Unix and networking in general. And speaking of "wanna-be hack-a-poo"s, when's the last time you hacked anything?

People can hack in as root even if you are logged in as some guest account. You don't even need to be logged on for someone to hack in and gain root access. Log in as guest if you want and do a ps -ef and see all the processes that are already running as root. Those run regardless of who you log in as. Or maybe you are under the misguided concept that your Linux box is just like your Windows machine where you turn it on only when you need to use it?

Why don't you go and find out about Unix, privilege escalation, MITM, what hacking is all about before you come onto a forum and pretend to act like you know more than everyone else.

This is exactly the reason I left all the forums.
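The post above suggests logging in as a guest and running `ps -ef` to see how many processes already run as root. As an added example that is not from this thread, the script below parses output in the column order of `ps -eo user=,pid=,ppid=,tty=,comm=` (the trailing `=` suppresses the header) and separates root-owned services that have no controlling terminal from the root processes of an interactive session and from kernel threads. The sample listing, with its PIDs and daemon names, is constructed.

```python
"""Added example: which root processes are services and which belong to a login session."""
import subprocess
from dataclasses import dataclass

# Constructed sample in the column order of `ps -eo user=,pid=,ppid=,tty=,comm=`.
SAMPLE_PS = """\
root         1     0 ?        init
root         2     0 ?        kthreadd
root        15     2 ?        kworker/0:1
root       412     1 ?        sshd
root       520     1 ?        cupsd
root       533     1 ?        httpd
mysql      601     1 ?        mysqld
root       655     1 ?        dhcpcd
guest     1201     1 tty1     bash
guest     1230  1201 tty1     vim
root      1302     1 pts/0    bash
root      1310  1302 pts/0    ps
"""

PS_COLUMNS = ["user=", "pid=", "ppid=", "tty=", "comm="]


@dataclass(frozen=True)
class Proc:
    user: str
    pid: int
    ppid: int
    tty: str
    comm: str

    @property
    def is_kernel_thread(self) -> bool:
        # kthreadd (pid 2) and its children are kernel threads, not userland services.
        return self.pid == 2 or self.ppid == 2

    @property
    def has_terminal(self) -> bool:
        # ps prints '?' in the tty column when the process has no controlling terminal.
        return self.tty != "?"


def parse_ps(text: str) -> list:
    """Parse the five-column ps listing into Proc records, skipping malformed lines."""
    procs = []
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) != 5:
            continue
        user, pid, ppid, tty, comm = fields
        procs.append(Proc(user, int(pid), int(ppid), tty, comm))
    return procs


def classify(procs: list) -> dict:
    """Group processes into root services, root session processes and non-root services."""
    out = {"root_services": [], "root_session": [], "other_services": []}
    for p in procs:
        if p.is_kernel_thread:
            continue
        if p.user == "root" and not p.has_terminal:
            out["root_services"].append(p.comm)          # runs as root whoever is logged in
        elif p.user == "root":
            out["root_session"].append(f"{p.comm}({p.tty})")  # the interactive root session
        elif not p.has_terminal:
            out["other_services"].append(f"{p.comm} as {p.user}")  # privilege-separated daemon
    return out


def live_listing() -> str:
    """Return the real ps output when available, else the constructed sample."""
    try:
        return subprocess.run(["ps", "-eo", ",".join(PS_COLUMNS)],
                              capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return SAMPLE_PS


if __name__ == "__main__":
    for group, names in classify(parse_ps(live_listing())).items():
        print(f"{group}: {len(names)}")
        for name in names:
            print(f"    {name}")
```

On the constructed sample the root services (init, sshd, cupsd, httpd, dhcpcd) outnumber the two processes of the root login session, which is the point of the post: the exposure a remote attacker sees is the set of root-owned daemons, and each one that could instead run as its own unprivileged user (as mysqld does here) shrinks that exposure.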

aus9

Re: root mode: heresia? ... and more largely security

Post#51 by aus9 » 31 Jan 2016, 11:06

guys

francois has changed the thread subject but normal protocols still apply. If you are going to debate someone please cite known references and, although I am guilty of this myself, try not to look like you are questioning the other person....meaning showing disrespect.

healthy debate is good.....rather than say something is the case or something you said is not the case how about citing some references?

I think francois from day one, has been asking the question is it safe to login as root. He has a number of replies some for and some against.

Let's try and clean up the main theme and I will send anyone who is naughty to the naughty corner. I have been there, it's a lonely place.

OK?

offtopic ask 2 doctor gurus what is wrong with me?
Dr 1 there is nothing wrong with me
Dr 2 everything

So without good links what do I do? We need to educate our members and take them on a journey....spoon feeding is allowed sometimes

fullmoonremix

Re: root mode: heresia? ... and more largely security

Post#52 by fullmoonremix » 31 Jan 2016, 12:24

Salutations... :good:

IMHO... :oops: not a panacea or utopia. Nonetheless... truly words to the wise. I'll sign up for this any day of the week...
Secure your network using a good router running firmware you can trust. Enable IDS and firewall on the router. Use your end machines with an ARP tool like arpwatch, XArp or WinARP to do simple detection of whether a MITM attack is happening, limit wireless usage and stick to a wire unless it is absolutely necessary to go wireless. Patch your OS and apps and, for goodness' sake, don't answer strange emails or click links sent blindly.

I'll sign up for this too... :wink:
(again... no utopia or panacea)

"Sandboxing"...
Secure by design
Adaptive Domain Environment for Operating Systems
Grsecurity
Microkernel: Security
Fault detection and isolation
Docker (software)
Kiosk software: Security
List of copy protection schemes: Computer Software protection schemes
File:Honeypot diagram.jpg

IMHO... :oops: this thread might get a higher level of exposure in "Security".

...just a thought.

Best Regards... :beer:

markds
Legendary
Posts: 43
Joined: 28 Dec 2012, 02:58
Distribution: Slackware
Location: Singapore

Re: root mode: heresia? ... and more largely security

Post#53 by markds » 31 Jan 2016, 12:43

My sources? 25 years of experience, collaborations, discussion and actually doing the job people just talk about. Nothing of what I have said can't be verified or is not backed up by tonnes of practical situations and actual exploits which anyone who is half interested can search for on Google. Try these keywords:

privilege escalation
XSS + MySQL
exploit database
CVE
unix services

Find me one link that says "my machine and network was hacked because I logged into my Linux as root".

In any case Aus9, it's all good. As I alluded to, this is the exact reason I left all forums, from Backtrack to Slax. Same story all the time. Francois PMed me and asked me to look at this topic and give my 2 cents' worth. I have done so.

I wish everyone enjoys the experience of learning through forums. Hopefully the people who know what they are talking about are the ones contributing.

aus9 wrote:guys

francois has changed the thread subject but normal protocols still apply. If you are going to debate someone please cite known references and, although I am guilty of this myself, try not to look like you are questioning the other person....meaning showing disrespect.

healthy debate is good.....rather than say something is the case or something you said is not the case how about citing some references?

I think francois from day one, has been asking the question is it safe to login as root. He has a number of replies some for and some against.

Let's try and clean up the main theme and I will send anyone who is naughty to the naughty corner. I have been there, it's a lonely place.

OK?

offtopic ask 2 doctor gurus what is wrong with me?
Dr 1 there is nothing wrong with me
Dr 2 everything

So without good links what do I do? We need to educate our members and take them on a journey....spoon feeding is allowed sometimes

brokenman
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

Re: root mode: heresia? ... and more largely security

Post#54 by brokenman » 31 Jan 2016, 15:59

So there you have it. Security is quite a vague term and always starts debate. Log in as root if you know the risks. What I took from this is that you can easily cause havoc with an incorrect command (as root) but you are really only saving yourself from yourself. Half the services on your machine are running as root and if these services are breached, whoever breaches them also has that same access. Start by securing the front door (your network) and then keep your system up to date to minimize attack vectors. Remember that most of the good exploits are not known to the general public until some time after they are popularized. Wireless networks are fair game so use a good password. Just by pressing a button, an attacker can bump you off, forcing re-authentication, at which point they can sniff the handshake which will give them information to proceed.

Oh, and if you piss off the wrong person and become prey. Best unplug.

Thanks for dropping by and imparting your experience Markds. Much appreciated. I would say the door is always open for you, but somehow I think it wouldn't matter if we locked it. :wink:
How do I become super user?
Wear your underpants on the outside and put on a cape.

markds
Legendary
Posts: 43
Joined: 28 Dec 2012, 02:58
Distribution: Slackware
Location: Singapore

Re: root mode: heresia? ... and more largely security

Post#55 by markds » 31 Jan 2016, 23:36

Keep talking pal, just digging that hole of yours all the much bigger.

Aus9, no personal attacks huh?

markds
Legendary
Posts: 43
Joined: 28 Dec 2012, 02:58
Distribution: Slackware
Location: Singapore

Re: root mode: heresia? ... and more largely security

Post#56 by markds » 31 Jan 2016, 23:40

Thanks Jay, it has been fun - most of it. But I'll stay in private mode, pm me if needed for the project.

brokenman wrote:So there you have it. Security is quite a vague term and always starts debate. Log in as root if you know the risks. What I took from this is that you can easily cause havoc with an incorrect command (as root) but you are really only saving yourself from yourself. Half the services on your machine are running as root and if these services are breached, whoever breaches them also has that same access. Start by securing the front door (your network) and then keep your system up to date to minimize attack vectors. Remember that most of the good exploits are not known to the general public until some time after they are popularized. Wireless networks are fair game so use a good password. Just by pressing a button, an attacker can bump you off, forcing re-authentication, at which point they can sniff the handshake which will give them information to proceed.

Oh, and if you piss off the wrong person and become prey. Best unplug.

Thanks for dropping by and imparting your experience Markds. Much appreciated. I would say the door is always open for you, but somehow I think it wouldn't matter if we locked it. :wink:
